Malicious PDF — malware analysis report

Static analysis result for SHA-256 a2819e993a3ddad3…

Verdict: MALICIOUS
File type: PDF
Size: 15.9 KB
Created: 2019-05-03 05:56:47 +01:00
Authoring application: mPDF 5.7
MD5: 0efed96c2d0eb91316591248e3e5ccc0
SHA-1: f8edce3967e0d38f2a1a2c7cce4efac88800216b
SHA-256: a2819e993a3ddad3f4e495496cb665ba32c9e5b4c9193da1ab43fab4f200a170
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF contains a large number of embedded links to external PDF files, many of which are hosted on the suspicious domain 'cefasfese.4pu.com'. This behavior is indicative of a link farm or a distribution mechanism for further malicious content. The ML classifier also flagged this PDF as malicious with high confidence.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9800

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, rule PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    Extracted URLs:
    • http://cefasfese.4pu.com/7732730734736731/Dick-Francis-Omnibus-Forfeit-Risk-and-Reflex-by-Dick-Francis.pdf
    • http://cefasfese.4pu.com/4736735735733738/Dick-Francis-4-Comp-Nov-Jkt-by-Dick-Francis.pdf
    • http://cefasfese.4pu.com/1735737738731733/Dick-Francis-s-Gamble-by-Felix-Francis.pdf
    • http://cefasfese.4pu.com/6731732731738732/Weinprobe-by-Dick-Francis.pdf
    • http://cefasfese.4pu.com/4737731730732731/Banker-by-Dick-Francis.pdf
    • http://cefasfese.4pu.com/6731732731738730/Abgebr-ht-by-Dick-Francis.pdf
    • http://cefasfese.4pu.com/6734738739731737/Hot-Money-by-Dick-Francis.pdf
    • http://cefasfese.4pu.com/4737738739739737/Proof-by-Dick-Francis.pdf
    • http://cefasfese.4pu.com/1738730735733/Second-Wind-by-Dick-Francis.pdf
    • http://cefasfese.4pu.com/6731732732732736/Ausgestochen-by-Dick-Francis.pdf
    • http://cefasfese.4pu.com/8737730737736/Longshot-by-Dick-Francis.pdf
    • http://cefasfese.4pu.com/3732734733739739/Straight-by-Dick-Francis.pdf
    • http://cefasfese.4pu.com/2738737733731730/Straight-by-Dick-Francis.pdf
    • http://cefasfese.4pu.com/4733735738739731/The-Sport-of-Queens-by-Dick-Francis.pdf
    • http://cefasfese.4pu.com/4736736732730733/The-Kit-Fielding-Omnibus-Break-In-Bolt-by-Dick-Francis.pdf
    • http://cefasfese.4pu.com/5730733730731/2000-Years-of-Dick-Fiction-by-Dick-Ward.pdf
    • http://cefasfese.4pu.com/5734735733731/Castaways-of-the-Flying-Dutchman-Flying-Dutchman-1-by-Brian-Jacques.pdf
    • http://cefasfese.4pu.com/1730735733733738734/-Beyond-Band-of-Brothers-The-War-Memoirs-of-Major-Dick-Winters-BEYOND-BAND-OF-BROTHERS-THE-WAR-MEMOIRS-OF-MAJOR-DICK-WINTERS-By-Winters-Dick-Author-May-01-2008-Paperback-by-Dick-Winters.pdf
    • http://cefasfese.4pu.com/3738731737738739/The-Collected-Stories-of-Philip-K-Dick-Volume-3-The-Father-Thing-by-Philip-K-Dick.pdf
    • http://cefasfese.4pu.com/4730732736736735/The-Collected-Stories-of-Philip-K-Dick-Volume-4-Minority-Report-by-Philip-K-Dick.pdf
    • http://cefasfese.4pu.com/47337357387397